PUP.Optional.OneSystemCare


OneSystemCare is software that is usually installed without your knowledge alongside a freeware download. Some download sites use a method called repackaging: they rebuild a program's installer and add download options to it. These options install additional software, for example browser toolbars or potentially unwanted programs. The added programs can degrade system performance and can also slow down or redirect web browsing. As a general rule, download your software from the author's official site.
Identified: 07/08/2015.


– It belongs to the PUP (Potentially Unwanted Program) family.
– Polluteware is software that pollutes storage and/or the registry.
– Vendor: PUP.Optional

Main Actions

– It installs a Google Chrome browser plugin (G2),
– It installs a Mozilla Firefox browser extension (M2),
– It installs a Mozilla Firefox browser plugin (P2),
– It changes the Mozilla Firefox start page (M0),
– It changes the Internet Explorer start page (R0),
– It changes the Internet Explorer search page (R1),
– It changes the URLSearchHook settings of Microsoft Internet Explorer (R3),
– It changes the IP addresses in the Hosts file (O1),
– It installs itself as a BHO (Browser Helper Object) in the web browser (O2),
– It installs itself as a process launched at system startup (RP),
– It adds itself to the registry so that it is launched each time the system starts (O4),
– It hijacks a Winsock key with its own resource (O10),
– It changes the DNS address or domain (O17),
– It installs itself as an AppInit_DLLs registry value (O20),
– It installs itself as a service launched each time the system starts (O23), (SS/SR),
– It starts an automatic scheduled task (O39),
– It installs drivers that start automatically with the system (O41),
– It installs itself as a program (O42),
– It creates too many 'Software' registry keys,
– It creates additional folders (O43),
– It installs a process of variable size in the system folders (O44),
– It moves into the Windows prefetcher folder (O45),
– It installs itself as a system driver (O58),
– It creates multiple user files (O61),
– It creates a Legacy key in the registry pointing to a malware service (O64),
– It modifies the startup of the Mozilla Firefox and Internet Explorer browsers (O68),
– It changes the Internet search provider (O69),
– It creates an active incoming connection in the application exceptions of the Windows firewall (O87).

– (…) — C:\Program Files\OneSystemCare\CleanupConsole.exe
(…) — C:\Program Files\OneSystemCare\CleanupConsole.exe
(…) — C:\Program Files\OneSystemCare\OneSystemCare.exe
(…) — C:\Program Files\OneSystemCare\OneSystemCare.exe
(…) — C:\Program Files\OneSystemCare\OneSystemCare.exe
O39 – APT: One System CarePeriod – (…) — C:\Windows\Tasks\One System CarePeriod.job
O39 – APT: One System CarePeriod – (…) — C:\Windows\System32\Tasks\One System CarePeriod
O39 – APT: One System CareStartUp – (…) — C:\Windows\Tasks\One System CareStartUp.job
O39 – APT: One System CareStartUp – (…) — C:\Windows\System32\Tasks\One System CareStartUp
O42 – Logiciel: One System Care – (.OneSystemCare.) — OneSystemCare

O43 – CFD: 06/06/2015 – 13:40:47 – [] —-D C:\Program Files\OneSystemCare
O43 – CFD: 06/06/2015 – 13:40:43 – [] —-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSystemCare
O43 – CFD: 06/06/2015 – 13:44:38 – [] —-D C:\Users\Coolman\AppData\Roaming\One System Care



Remove Software

– Remove the software from the Windows Control Panel,

Remove with ZHPcleaner

Diagnose with ZHPDiag
